Re: XP SP2 nmap incompatibility
From: Joe Doyle (joe.doyle
PROMEGA.COM)
Date: Thu Aug 12 2004 - 16:55:54 CDT
Here's the link explaining the changes made to the TCP/IP Stack.
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2netwk.mspx#XSLTsection127121120120
Quote from that article:
"How do I resolve these issues?
Stop the application that is responsible for the failing connection
attempts."
Great. Thanks guys.
Joe
-----Original Message-----
From: John Singler [mailto:singler
MAIL.VET.UPENN.EDU]
Sent: Thursday, August 12, 2004 3:58 PM
To: NTBUGTRAQ
LISTSERV.NTBUGTRAQ.COM
Subject: Re: XP SP2 nmap incompatibility
Fyodor addressed this yesterday:
> This is just a heads-up that most Nmap functionality will not work on
> the just-released Microsoft Windows SP2. Why? Microsoft apparently
> broke it on purpose! When an Nmap user asked MS why security tools
> such as Nmap broke, MS responded[1]:
>
> "We have removed support for TCP sends over RAW sockets in SP2.
> We surveyed applications and found the only apps using this on XP
> were people writing attack tools."
>
> I don't know why they consider Nmap an "attack tool", particularly
> when they recommend it on some of their own pages[2]. Shrug.
> Removing SP2 re-enables the functionality and causes Nmap to work
> again. Many problems unrelated to Nmap have been found with SP2 as
> well[3], though it does some welcome security improvements for people
> stuck on that platform.
>
> I will work on this if I get time, but am currently busy rewriting the
> core port scanning engine for the next version of Nmap. It is much
> faster, offers much better multiple-host parallelization, and provides
> other long-desired features such as completion time estimates. If
> someone finds a solution to this SP2 problem, please send a patch. It
> may not be too hard, as Nmap supports operating systems such as Win95
> that didn't have raw socket support in the first place.
>
> Cheers,
> Fyodor
>
> [1] http://seclists.org/lists/nmap-dev/2004/Apr-Jun/0077.html
> [2] http://www.microsoft.com/serviceproviders/security/tools.asp
> [3] http://www.crn.com/sections/breakingnews/breakingnews.jhtml?articleId=23905071
>
>
> --------------------------------------------------
> For help using this (nmap-hackers) mailing list, send a blank email to
> nmap-hackers-help insecure.org . List archive: http://seclists.org
Ian Hayes wrote:
> Installed XP SP2 yesterday. While the installation was lengthy but
> event-free, I did notice that nmap 3.55 stopped working correctly. I was
> in between scanning subnets here on the network, and installed SP2.
> After that, when I resumed my sweeps, I noticed that nmap was reporting
> that any host I tried scanning had all its ports filtered. I tried
> upgrading the Winpcap driver to the beta one, but that didn't improve
> things. I doublechecked my Windows Firewall settings and verified that
> it was set to OFF.
>
> After removing SP2, I scanned a host with a known configuration and
> nmap correctly identified the open ports and what OS it was running.
-----
NTBugtraq Editor's Note:
Want to reply to the person who sent this message? This list is
configured such that just hitting reply is going to result in the
message coming to the list, not to the individual who sent the message.
This was done to help reduce the number of Out of Office messages
posters received. So if you want to send a reply just to the poster,
you'll have to copy their email address out of the message and place it
in your TO: field.
-----